Slashdot Mirror


User: Sheepdot

Sheepdot's activity in the archive.

Stories
0
Comments
735

Comments · 735

  1. Microsoft released a fix a long time ago on IE Download.Ject Exploit Fixed · · Score: 5, Informative
    Ever wondered how IE exploits get a whole executable to your computer?

    Wonder no more. 11 months of IE exploits and at least a year or two's worth of future exploits can be avoided with one simple registry change. The problem that MS has isn't that they are incompetent, it's that they insist on leaving default features that are used by 1% of administrators like myself.

    98% of spyware released since January 2004 can be avoided with the above registry fix. If you think that statistic is outrageous, I challenge you to find one piece of malware installed without using ADODB.Stream in one way, shape, or form. Be forewarned, I make and research IE exploits for a living and wouldn't make this kind of a claim without having the data to back it up.

  2. Re:I can track these guys down on Can A Bounty System Cure Spam? · · Score: 1

    And what say you regarding the Mountain Lion issue? Especially on bike trails?

  3. I can track these guys down on Can A Bounty System Cure Spam? · · Score: 2, Insightful

    I think there's some confusion on the part of a few posters here that needs to be cleared up.

    The spammers aren't the companies that pay these guys to do it. The spammers are the people who actually queue up the messages and spit them out. Now, I know what you're thinking, the company being advertised is at fault, too. But still, there is an order that you gotta go through in order to get the right people.

    After all, you don't go after the gun manufacturers for creating tools of self-defence just because unintended users end up killing people, right? The proper order is, the person who used it, the parents of the minor that used it, the retailer that sold the ammo, THEN the gun manufacturer, right?

    Oh wait, nm. I guess the anti-gun sentiment amongst the public tends to skew the proper order you'd think this should be. But still, I'm the kind of person that is capable of hunting down spammers, but I simply don't do it because there is no incentive.

    A monetary incentive might be lucrative, but I'd have to see the amount of money given. If it's too low, it's not worth my time. If it's too high, like the Microsoft reward offers for the Sasser and Blaster creators, then I know they aren't actually going to pay out.

  4. Viruses on Why Learning Assembly Language Is Still Good · · Score: 2, Funny

    Probably the best reason to learn ASM is so you can code your own viruses instead of stealing my own GPL'd malware.

  5. Figures I'd see this on Slashdot on Linksys WiFi Gateway Remote Attack Risk Discovered · · Score: 1

    And on a side note, the exact same public list to which the vulnerability was originally posted has since debunked this vulnerability. I'm on said list, and the only WAN ip that is allowed to connect to the device is the WAN's IP itself. (http://securityfocus.org/archive/1/364994/2004-05-31/2004-06-06/0)

    Now is this still a security issue? Sort of, because a small business employing the device might have one employee who could access the admin page, but he'd still have to have access to the router. The FUD on /., Bugtraq, and Full Disclosure is appalling.

  6. Re:Correct me if I'm wrong. on Dinosaurs Died Within Hours of Asteroid Impact, says New Study · · Score: 1

    Also, evolution is the selection of traits that arise randomly.

    Okay, the point of discussing entropy was to get an acknowledgement of random occurrences. Most drop the debate with the second law of thermodynamics for the reason the original poster states, which is erroneous for the reasons you mentioned and also because it is impossible to say it is a law for the whole, but not for the part.

    There is another reason why random evolution does not hold up. The eye.

    There is no precedent for developing an eye which means that it supposedly happened "randomly". This in and of itself doesn't rule out randomness, but it does make "random" look a bit like "faith" that the Christians hold so dear.

    Perhaps it was just the sensation of light and dark. But then it randomly changes again and again till we get to where we are now. Nowhere do we see the eye's beginning or continuing evolution in fossil records.

    It would make sense that whichever creature in human roots came from water to land would continue eye development just as fast, if not faster, than gill to lung development. How about scales to hair?

    Why is it that we don't see thermal signatures? Why don't we have different view modes? These would have undoubtedly helped us, and are not that much more significant than gills to lungs. Unless you take into account that the eye itself is such a huge development that it couldn't have possibly arisen from evolution, it just doesn't add up.

    Devolution is another quagmire. There are fish, bats, and countless other creatures that have been around for thousands of years and never used their eyes. If entropy (or randomness) *did* have a hand in evolution, there would be eyeless bats that would be doing just as well as those with them. So why don't they exist?

    Why is it that there are creatures that do not use the eye that have passed the test of natural selection but no equivalents that do not have an eye?

  7. Re:Correct me if I'm wrong. on Dinosaurs Died Within Hours of Asteroid Impact, says New Study · · Score: 1

    Except for thermodynamics and evolution sometimes being at odds. I guess it depends on if you want to argue (as many have for years) that there is a link between thermodynamic entropy and logical entropy.

    Basically, you can't say that energy gets more disorganized over time and still say that evolution is why we are able to "fly a kite" whereas a dinosaur could not.

  8. Re:W32/Shrug on First IA64 Windows Virus Released · · Score: 1

    Only on Slashdot can a comment like this get rated informative.

    Mod it like people care.

  9. Re:Grr on First IA64 Windows Virus Released · · Score: 1

    Actually, it's whatever people start using. In the H/P/C/V/W underground it is actually referred to as "virii".

  10. SUPER! on "Buffalo Spammer" Gets 3.5 to 7 Years · · Score: 1
    That's great. But I didn't get too many emails about the Buffalo wings. And besides, he took my name off his list when I asked him to.

    What can you do about the "Viagra spammer" and the "Enlargement spammer"?

  11. Re:I wonder... on RIAA Sues Nearly 500 New Swappers · · Score: 1
    I have, in fact, toured 8 sweatshops thank your assuming ass very much. Two were in the US and have since been shut down.

    Bullshit.

    Do you like wearing pants made by an exploited human being who is afraid of getting pregnant and losing her job?

    If they were being exploited, they wouldn't be working there, now would they? If they are being forced to work there, then I'd like to know about it. You are using 'exploited' as a term that is defined by the person saying it when it should be defined by the person you say is being exploited. Go convince her she is being exploited and tell her to go find a better job. Please, by all means, enlighten her. I'm sure her and her family will love you for it. And ten years down the road, if alive, they are still going to love you for it.

    The point is we have a choice as to whether we demand better working conditions or not, and large corportations choose not.

    "corportations". Nice. Oh well, I make spelling mistakes too. I just choose to go back and edit them for a complete reply because I respect those I disagree with. If I ever stop, it's because I've lost respect.

    Anyway, to your point. I agree with that statement wholeheartedly. A lot of large corporations choose not to.

    So people tried boycotting. And it didn't work. Hmm. Maybe there was a reason it didn't work. Perhaps it had to do with the fact that *NO ONE CARES*. Getting items for the best ratio of cost/quality is all I care about. Oftentimes who did the labor factors into the quality. If it does, and I don't like a practice I quit buying. That's my power as a consumer. You know that motherboard you're using currently? There's a damn good chance that the guy that put it together makes less than 15K a year and probably doesn't have the equivalent of cable. But you know what, he's better off than his father who had to piss in a bucket.

    Now, let me ask you a specific question, because where people stopped innovating solutions was when boycotting failed. There was a "travesty" that was happening that the consumer of the products didn't care about and yet there was still a minority of people that wanted something done. And so these bimbos set up special interest groups and started lobbying the government to change laws.

    IMHO, That's where the problems *started* not continued. Because by doing so, corporations began getting active in legislation and used their vast sums of money to actually influence government. It's because of unions that the country is in the state that it is in, and it's because of environ"mental"ists (fun term, hunh?) that no real change is going to be made.

    Whether they have another job or not isn't the point, dummy.

    If you can get one of those who have been "saved" by having someone come in and shut down the sweat shop to say that, I'd believe you.

    People like you keep buying the shit, so why would they change their practice?

    Hate to break it to ya bub, but "like you" is "everyone else". Only problem is, only I am vocal enough to tell you that I honest to god don't care. The ones who pay lip service to the altar of the "they should be ashamed" are the ones that tell you one thing and then turn around and drop 50 bucks on a pair of khakis.

    And as a matter of fact, I haven't bought new clothes from Gap or any store other than budget ones for 8 years. I'm someone that doesn't even buy the stuff (or maybe I do and I just don't know if K-mart or whoever is doing the same thing) but I can tell you, I still don't care.

    We COULD have just paid them more, but that's not an option now is it.

    WTF is this "we" bullshit? I don't work in the clothing and apparel industry. I'm a consumer. I'm the one you decided to quit convincing not to buy clothes and instead you helped raise the cost because I gotta pay for some lawyer's stupid legal fees cause some Naomi Klein addict decided to throw a tizzy and religiously pays out of the pocket for litigation or direct lobbying.

    Thanks for thinking you make my life better, asshole. And yes, that was a run-on sentencing that switched tenses because I'm losing respect for your stance.

  12. Re:Wow on The Economics of Executing Virus Writers · · Score: 1
    In fact, the fact that we allow cars in the hands of private individuals at all ...

    Personally, it scares me that there is a "we" association attached to private ownership of vehicles.

    Substitute "computer".

    In fact, the fact that we allow computers in the hands of private individuals at all ...

    Granted, it is much easier to end a life accidentally with a car than a computer, but IMHO looking at it from the perspective that the government gets to decide and *I* don't really scares me. Both are tools, you should punish the person that decides to use them as weapons, not start to dictate who gets to own what.

  13. Probably the most stupid thing I've heard on The Economics of Executing Virus Writers · · Score: 1

    Here's the problem.

    Worm writers do not get caught. The ones that do are the least likely to write another worm again. Intelligent worm writers (IMHO the guy that coded Nimda is one of these) simply will not get caught or will target some guy that has *almost* the capabilities of themselves and pin the blame on them. Or shift suspicion.

    A lot of the real coders talk like they are 15 when they are really in their 30s. Hard ta buld a profil on me wen I talk leik dis, K?

    Vecna (one of the most notorious vxers of the Win9x era) all but disappeared. He got a job. He timed his leaving with the arrest of someone else so he could pin blame. Beautiful.

    Another good one: mafiaboy.

    Was he caught? Yeah. Was he really the one responsible? Well, depends. Maybe you should find the guy that gave him the scripts and his first "botnet". Don't know about that? Of course you wouldn't. He's happy. Hell, he'll get out of jail and get a job somewhere. Maybe. He never was much of a coder.

  14. Re:/. should get one. on Cisco Reveals Its $500 Million Router · · Score: 2, Insightful

    Naw, I'm just noticing that there are a lot more posts about products and services on /. rather than just the technology surrounding them as of late.

  15. /. should get one. on Cisco Reveals Its $500 Million Router · · Score: -1, Troll
    Cool features include a 40 gigabit-per-second optical interface

    Wow. I'm so glad to have heard this for the 3rd time this week.

    But seriously, these things will be great for handling all that bandwidth. Y'know, for the first time in the week when Slashdot posts about it being possible. Then for the second time when Slashdot editors approve a story that says it is rumored that one is in development and has been for some time. And then for the third time in the week when it's unveiled.

    I'm glad that Slashdot delivers my advertisements to me in such an intuitive way that I don't even realize I'm being advertised to! It's kind of like the Home shopping network, only the remote on this form of media isn't broken, and I can change the channel. Which I'm going to do now.

  16. Re:I wonder... on RIAA Sues Nearly 500 New Swappers · · Score: 1

    No, and not only have you never been to a sweatshop either, you have absolutely no idea how far removed from Gap the pee bucket is. Gap purchases through distributors who may or may not have strict requirements for sweatshops. Your job is to watch to make sure GAP knows when the distributors aren't playing by the rules.

    Gap is not responsible. Go take your Naomi Klein liberal spew elsewhere and get with reality for a second, where would the pee be if the bucket wasn't provided? There is choice and there is *NO CHOICE*. What other aspiring jobs are there for the people working in the sweatshops that you have supposedly seen?

    Get off your soapbox and find a job where you don't have time to post to Slashdot. If children pissing in buckets instead of dying of hunger bothers you, then I encourage you to head to some of the towns with sweatshops busted in the 90s. If the stench doesn't kill you, maybe the STDs will from the girls who have now grown up to be prostitutes because it was horrible for them to be pissing in a bucket.

    Don't you just feel proud of your stance?

    You haven't seen reality, so talk to someone who has. You'll change your GD mind so fast that you'll still be wearing your tie-dye T-shirt and holding the blunt while you tear up your "No Logo" book.

  17. Re:I wonder... on RIAA Sues Nearly 500 New Swappers · · Score: 3, Interesting

    Simple. Threaten to kill yourself if they follow through with the lawsuit. If even one person actually follows through with it, the outrage would be outstanding.

    Don't mod this funny, I'm actually being extremely serious. And yes, it would work. The one thing corporations do not want is a young male or female's blood on their hands.

  18. Passwords? More like words. on Password Memorability and Securability · · Score: 5, Interesting
    Let me give you some insight into how a 'cracker' looks at this since I just cracked an alpha-symbol-numeric Windows NT LM hash about an hour ago in about 5 minutes time. Your password isn't enough. You, as an administrator, have to get in there and modify the authentication scheme.

    Or use SHA2. Cause I don't have rainbow tables to crack that. Yet. For those of you who don't or cannot follow security, the new buzz is creating your own crack tables in a couple of weeks or months. There is more info at the project rainbowcrack page.

    The misconception that everyone has about passwords now (because we as sysadmins pushed it so hard in the late 90s, early 00s) is that alphanumeric is the way to go. With the advent of generating your own cracking tables, that is no longer the case anymore.

    An alphanumeric md5 set of rainbow tables can be generated in about a week's time with a 2.4 ghz processor. That's my rough estimate based on the couple days it took me to make the alphanumeric one for LM hashes.

    I would highly suggest that if you want your users to come up with good passwords you have them make a "one-time" password, seed with a 20-character salt that looks like someone pounded the keyboard, and store it inside a SHA2 hash.

    A good administrator is going to salt their passwords with a string of characters that already satisfies the "alpha-numeric-symbol" requirement. If there is any reason to do something other than the first name of your child it is to stop coworkers or friends or people that already know about you.

    When using brute-force/guess method this is what I try first and my guess is that at least 1% of Slashdot fathers use this or a form of it as their pass. It's okay to be proud of your kid, but don't think you're honoring them by including them in your password.
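
Added example, not part of the comment above or of the Slashdot archive: a Python sketch of the comment's point that a per-user random salt makes a precomputed hash table useless, while an unsalted hash falls to a single lookup. The candidate list is constructed, the function names are hypothetical, and PBKDF2-HMAC-SHA256 (a SHA-2 based key-derivation function) stands in for the bare salted SHA2 hash the comment describes.

```python
import hashlib
import hmac
import secrets

# Constructed candidate list standing in for the input to a precomputed table
# (first names and common patterns, as the comment describes).
CANDIDATES = ["emily", "jacob", "Passw0rd!", "letmein", "qwerty123"]


def build_lookup_table(candidates):
    """Precompute unsalted SHA-256 digests once; reusable against every account."""
    return {hashlib.sha256(c.encode()).hexdigest(): c for c in candidates}


def store_unsalted(password):
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=100_000):
    """Hardened storage: per-user random 20-byte salt, PBKDF2-HMAC-SHA256.

    Returns the record (salt, iterations, digest) that would be kept per user.
    """
    if salt is None:
        salt = secrets.token_bytes(20)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo():
    table = build_lookup_table(CANDIDATES)
    unsalted = store_unsalted("emily")
    record_a = store_salted("emily")
    record_b = store_salted("emily")  # same password, second user
    return {
        # The precomputed table reverses the unsalted digest immediately.
        "unsalted_recovered": table.get(unsalted),
        # The same table has no entry for the salted digest.
        "salted_recovered": table.get(record_a[2].hex()),
        # Two users with the same password no longer share a stored value.
        "same_password_same_digest": record_a[2] == record_b[2],
        "verify_ok": verify_salted("emily", record_a),
        "verify_bad": verify_salted("jacob", record_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a weak password strong: someone holding the stored record can still guess candidates one account at a time, which is why the iteration count matters as well.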

  19. Star Wars vs. Star Trek on Can Star Wars Episode III Be Saved? · · Score: 3, Interesting

    I'm not a space geek so it oughta mean something when I say I'd rather watch another Star Trek movie than Episode 3. And as annoying as they are, trekkies are much better company than the rabid Lucas and Star Wars freaks.

    Here's a tip for both: when presented with a paradox, it is okay to say, "Yeah, Lucas/Roddenberry was on crack when he thought of that."

  20. Re:Great on Opera Settles $12.75m Lawsuit, But with Whom? · · Score: 4, Funny

    ..as opposed to the browser (internet explorer) with no paying customers but a streamlined interface.

    So streamlined and easy to use that it installs all sorts of fun tools without any of those silly, annoying, installation confirmation steps.

  21. And in related news... on Opera Settles $12.75m Lawsuit, But with Whom? · · Score: 5, Informative

    ... slashdot pays a few million to an unknown company with apologies for driving their bandwidth to the ground.

    Full text (sorry, no pictures):

    Why doesn't MSN work with Opera?
    [Update Feb 7: After this page had been referenced by Cnet, The Register and Slashdot, MSN changed their setup so that Opera7 no longer receives the distorted style sheet. Opera6, however, still does]

    Microsoft and MSN have a history of trying to stop people from using the Opera browser. When trying to access MSN.com using the Opera browser, there are two visible problems. First, for the user it looks like Opera has a serious flaw so that many lines are partially hidden. Second, the page shows less content than users of Microsoft's Internet Explorer (MSIE) see.

    The purpose of this page is to document, in technical terms, what is going on. Did the Opera programmers make grave mistakes? Or is it something wrong on the MSN site? If so, is the Opera browser targeted specifically? (Executive summary: no, yes, yes)

    To analyze the problem, the first step is to download the files as they are served to the browsers. When requesting a page, the browser sends along a "User-Agent" string which makes it possible for the server to identify which make and version the browser is. Here are the User-Agent strings used by the three browsers (when running on Windows XP) in this test:

    | Browser | User-Agent string |
    | --- | --- |
    | Opera 7.0 | Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.0 [en] |
    | MSIE 6.0 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
    | Netscape 7.01 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 |

    When downloading pages, browsers sometimes modify the content before saving the pages to disk. For comparison purposes it is therefore important to use another to fetch the files. In this test "wget" was used. The table below shows the files fetched by "wget" when told to identify as Opera7, MSIE and Netscape 7.01, respectively. The test was run around 2PM Oslo time on Feb 5, 2003.

    | Files | Bytes | Command used to fetch file |
    | --- | --- | --- |
    | opera7.html | 39436 | wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.0 [en]" --output-document opera7.html http://www.msn.com |
    | msie6.html | 37253 | wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" --output-document msie6.html http://www.msn.com |
    | ns7.html | 37379 | wget --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01" --output-document ns7.html http://www.msn.com |

    As can be seen in the table above, each browser is sent different HTML files. If you open the files in your browser of choice, you will see that the file sent to Opera7 has less content in (although it is bigger) than the version sent to the Microsoft and Netscape browsers.

    To understand why there are differences, we need to peek inside the HTML files. This part of the analysis is quite time-consuming, but by now we have some experience. It turns out that MSN sends different style sheets to the different browsers. This can be seen in the first LINK element of each of the three files. The style sheets are:

    | Browser | File | Bytesize | Command used to fetch file |
    | --- | --- | --- | --- |
    | Opera 7.0 | site.css | 521 | wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.0 [en]" --output-document site.css http://i.msn.com/m/8/c/site.css |
    | MSIE 6.0 | site-win-ie6.css | 2036 | wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" --output-document site-win-ie6.css http://i.msn.com/m/8/c/site-win-ie6.css |
    | Netscape 7.01 | site-all-nav6.css | 1926 | wget --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01" --output-document site-all-nav6.css http://i.msn.com/m/8/c/site-all-nav6.css |

    As can be seen in the table above, Opera7 receives a style sheet which is very different from the Microsoft and Netscape browsers. Looking inside the style sheet sent to Opera7 we find this fragment:

  22. Gaming? When will we see it? on Ask About Running Windows Software in Linux · · Score: 4, Interesting
    An oft-ignored subject when working on WINE is the emulation of Microsoft's operating systems primarily for gaming purposes. Indeed, it could be argued that this is the last big hurdle that might not ever be truly possible.

    What options/alternatives do you see Linux gamers having with regards to DirectX emulation for popular Windows games that don't have Linux equivalents? Do you see better support for DirectX API in the near or distant future?

  23. Re:Ugh. on IBM To Announce Web-Based Desktop Apps · · Score: 1, Insightful
    Web based applications *suck*.

    I presume you are about to tell us why.

    I do not want to refresh the page every time I change an option,

    Ok. You realize that with iFrames and/or Java (which I imagine is going to play a huge factor here) your first complaint is pretty weak. This is going to be used on a high-speed Intranet, so "refresh" is like "send and receive data". You'd wait the same amount of time to refresh a page as you would for the Novell server to load up your template. Plus the support and upgrading are extremely easy for the administrators. And users like you can't screw up your settings so people like me have to figure out what you fscked up.

    For most business purposes, a web interface is a natural progression for almost all client applications. It's upgradable, affordable, and easy to troubleshoot.

    I do not want to use some proprietary scripting language to run a word processor.

    Too bad, I do, and it isn't going to run any slower. Your "Word 2003" runs the same speed on a 1.2 ghz as it does on a 2.8 ghz. So the only way you're going to justify to me that you need a 2.8 ghz processor is because you're running a Java Office Suite. Or, if you like, I can give you back your 1.2 ghz processor and you can keep running Office 2003?

    It's amazing how quickly that line of wording will get even the staunchest dog to come running to you and your new hardware toy you're holding over their heads. Users have learned that hardware upgrades are good, and they are willing to endure software changes for the hardware ones. You see, us administrators have learned how to play you, and we aren't going to suddenly fail now.

    The web was *not* designed for applications and applications will *not* run well on the web.

    Slashdot was *not* designed for f1rst posters who spew dronespeak, and dronespeak will *not* get you very far on Slashdot.

    If you have a legitimate beef with web applications, speak it. There are legitimate web applications that exist all over the net, and it could be argued that you are in fact using one right now. (Slashdot)

    There are some reasons not to adopt web applications, but you haven't even brushed the legitimate arguments. Instead, you decided to post quickly to get something down as people started moderating. Looks like your ploy worked.

  24. The sad sad world on Sasser Worm Takes Down UK's Coastguard · · Score: 0, Flamebait

    Be prepared.

    There is not much difference in the car evolution and the computer evolution. With computers, we're entering the "regulation and bureaucracy" phase that hit vehicles in the early 1970s all the way through the 80s.

    The computer aspect is going to involve "Government Agency #31337" full of washed up NSA agents ready for a life of peace and tranquility busting 'corporations' who will know how to pay them off and small business and personal (yes, open source) programmers who will be unable to release code that doesn't pay some stupid government certification.

  25. Hah on SCO's Biggest Investor Admits It Loves IP Lawsuits · · Score: 2, Interesting

    Darl McBride is the best thing to happen to Open Source.

    Only problem is that it will still be a year or so before we realize just how great of a service he is/was to us.